Busted! Ukrainian cybercrime duo who ripped off $4.5 million sent to prison in UK

Filed Under: Featured, Law & order, Malware, Phishing

The Police Central E-Crime Unit (PCeU) of London's Metropolitan Police Service has announced the sentencing of two Ukrainian cybercrooks.

Yuriy Konovalenko, 29, and Yevhen Kulibaba, 33, were sent down for just short of five years each.

According to the PCeU, the pair were the lynchpins in a syndicate which got its hands on at least £2.8 million (approximately US$4.5 million) in just six months.

They used malware to steal internet banking credentials from unsuspecting victims, before moving money from the compromised accounts into a large number of accounts set up in the UK using fraudulent documentation.

Kulibaba, based in the Ukraine, is described as the main player in the scam, acquiring stolen credentials and arranging for the electronic theft and disbursement of the gang's ill-gotten gains.

Konovolenko, based in the UK, was the "man on the ground", organising the fraudulently-established accounts and orchestrating a bunch of operatives to finalise the crime by withdrawing cash.

Protect yourself against this sort of criminality:

* Keep your operating system and software patched - whatever operating system you use. Don't let malware sneak onto your PC through holes that you could already have closed.

* Keep your security software up-to-date, and check routinely to ensure that it's working properly. Most infections don't involve as-yet-undetectable malware and could thus easily have been prevented.

* Review your bank statements regularly to look for unauthorised transactions.

* Don't use the same password on multiple websites.

* Never do internet banking from a kiosk or an internet cafe. You can't tell what booby-traps the previous user may have left behind.

* If your bank offers two-factor authentication (2FA), use it. 2FA doesn't guarantee perfect safety, but it makes things harder for the crooks.

, , , , , , ,

You might like

One Response to Busted! Ukrainian cybercrime duo who ripped off $4.5 million sent to prison in UK

  1. Brent Whittington · 899 days ago

    ...and let's not forget: Never click links in emails to access your accounts. Always browse directly to the bank or company site, verify the URL and security credentials, THEN transact business!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog